I’ve just returned from the Professional Developers Conference in Los Angeles, where Microsoft announced that there’s a great version of Windows coming if you can just wait a few years.

Actually, they didn’t say that, but they could have. At the PDC, held Oct. 19-23 in the L.A. Convention Center, Microsoft handed out to the 7,000+ developers in attendance the first CDs containing a working, pre-beta build of its new operating system, code-named Longhorn. This product will turn into a shipping desktop version of Windows some time in 2005 or 2006.

Timelines shown by Microsoft speakers during the conference’s main presentations asserted that the first beta build of Longhorn (officially called Beta 1) would be released in the 2nd half of 2004. If that schedule holds up, it means that Longhorn could ship before the end of 2005 if all the development work goes smoothly. If snags are encountered, on the other hand, the product could slip into 2006. At this point, I believe it’s futile to speculate on the exact ship date, which is impossible to predict.

Since Longhorn is so far away from being a working product, I believe that two other upcoming Microsoft releases will have a much greater near-term impact:

Windows XP Service Pack 2 in 1H 2004 A beta of XP SP2 will be released to interested testers by December 2003, according to Microsoft representatives. The final SP2 release, scheduled for the 1st half of 2004, promises to close some of the security issues in XP. The plan is to make the operating system more resistant to worm attacks, even in machines that may not have a critical patch installed. The changes include improvements to Microsoft’s Internet Connection Firewall (actually turning it on, for example, instead of leaving it off by default), new support for “no execute” areas of memory in order to prevent buffer overruns, and safer versions of Internet Explorer, Outlook Express, and Windows Messenger.

Windows Server 2003 Service Pack 1 in 2H 2004 While not providing definite guidance on when SP1 for Server 2003 will be released for beta testing, Microsoft suggests that the beta release of SP1 will go out in the 1st half of 2004. The final service pack, scheduled for release in the 2nd half of 2004, is also expected (like the service pack for XP) to concentrate on security fixes for the server OS.

If your company uses Windows XP or develops software that runs on XP, it’s important that you get into the beta test program for XP SP2. Many of the changes planned for that service pack will break programs that aren’t designed for the new environment. In particular, changes to Microsoft’s firewall, RPC (Remote Procedure Calls), and DCOM (Distributed Component Object Model) may interfere with some of today’s programs.

“Developers need to test their apps on SP2 as soon as possible,” said Michael Howard, Microsoft’s senior program manager of security engineering and communications, in a telephone interview. “Some features will be turned off by default” that your programs may rely upon, he emphasized.

An excellent 11-page paper that describes the changes in XP, entitled “Windows XP Service Pack 2: A Developer’s View,” was handed out at a security workshop during the PDC. A copy of the paper has been posted in the MSDN Library. I strongly recommend that you take a look.

Compared to XP SP2, less information is available about plans for SP1 for Windows Server 2003. I’ll cover developments in these and other areas as they evolve.

Now is the time for readers to send me their findings on the pre-beta release of Longhorn and word on the betas of XP SP2 and Server 2003 SP1. To send me tips on these or any other subjects, visit WindowsSecrets.com/contact.

Microsoft has made what I consider the most significant changes in its security-bulletin release policy since the beginning of security bulletins. Instead of sending out Windows patches every week, as has until recently been the case, the Redmond software giant now plans to circulate new patches only once a month, on the 2nd Tuesday of each month. (If a worm is running loose “in the wild,” Microsoft says it will release a special patch immediately.)

I wrote in the paid version of the Oct. 16 Brian’s Buzz that I’d analyze for you the full implications of this new policy. After interviewing several Microsoft officials and independent experts, I’m devoting today’s special report to this topic.

Microsoft’s last patch release was on Oct. 15. On that date, the company announced five patches affecting every supported version of Windows and two patches involving Exchange Server. The next scheduled announcement will be Nov. 11. No new patches have been released between these monthly milestones. That makes this the first time in years that the company has gone as long as four weeks without putting out a Windows patch. Because of this gap, I won’t in today’s issue analyze the latest new patches, since there aren’t any.

I wrote in my Nov. 3 eWeekcolumn that some experts are already saying a monthly schedule will lead to less security than a real-time release policy. Personally, I believe the shift to monthly batches of patches can make your company more secure, if you act decisively to take advantage of the new regime. On the other hand, if you put off rolling out new patches for a week or two after a monthly announcement, you might then say, “I’ll wait until another batch comes out next month.” That would make Microsoft’s switch to a monthly schedule a net loss of security for your company.

The opportunity for greater Windows security is yours to grasp or ignore. Here, then are the major points you need to know:

• You have a rendezvous with destiny every 2nd Tuesday. Microsoft is moving its release of patches from every Wednesday to every 2nd Tuesday morning. This shift from Wednesday to Tuesday is intended to give legitimate companies almost a full working week to download, test, and roll out the latest batch of patches before black-hat hackers have enough spare time to create and launch viruses and worms.

Whatever you may think about “Matrix Revolutions” – the final installment of the Matrix trilogy, which is in theatres now – I’m sure you’ll find that “The Meatrix” is a lot funnier.

A mysterious cow with sunglasses, Moo-pheus, brings a blue pill and a red pill to a barnyard pig, Leo, to free him from his fantasies of a family farm. The excellent Flash animation is the result of a grant awarded to GRACE, the Global Resource Action Center for the Environment. The short film has a strong ecology message at the end, but if you can live with that it’s quite an entertaining flick. Caution: plays music, watch the volume level of your speakers if you’re in a cubicle. More info

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by
Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our
free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside
party, ever.
2. We will never send you any unrequested e-mail, besides
newsletter updates.
3. All unsubscribe requests are honored immediately, period.
Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe
from the Windows Secrets Newsletter,

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.